Removing Burstabit Spyware?

Cliff posted more than 11 years ago | from the getting-rid-of-pesky-programs dept.

Privacy 40

Webbsurfer asks: "I recently returned home from school for winter break, and discovered a good chunk of spyware on my parents' computer. I've run Ad-aware and cleared out the obvious P2P programs, but there's one I can't seem to get rid of. It generates pop-up ads, which come from the burstabit.com domain. Any ideas who these guys are and how to get rid of their junk?"


What OS? (2)

TC (WC) (459050) | more than 11 years ago | (#4955102)

You can just point the offending domain name to localhost so that it can't actually grab any of the banner ads. How you go about this depends on what OS you're running.

Re:What OS? (5, Informative)

GimmeFuel (589906) | more than 11 years ago | (#4955169)

Given that the question talks about parents who don't sound very computer literate and P2P programs, I'd assume it's some flavor of Windows. Try to find a "hosts" file (no extension) in C:\WINDOWS\ or a subdirectory (I also found it in C:\WINDOWS\SYSTEM32\DRIVERS\etc). Open it with notepad and add on a new line:

127.0.0.1 burstabit.com

This means that whenever the system tries to connect to burstabit.com, it'll skip the DNS lookup and connect to 127.0.0.1, which is your computer. This'll hopefully stop the spyware.

Re:What OS? (0)

Anonymous Coward | more than 11 years ago | (#4955247)

> 127.0.0.1 burstabit.com

That won't work, at least not in WinME and earlier. (I don't know about XP.) Windows will only use localhost for burstabit.com EXPLICITLY, which means www.burstabit.com will resolve normally. So will www1.burstabit.com, www2.burstabit.com, ads.burstabit.com, and any other host name at burstabit.com. You have to add all of them to hosts, and any new hosts they add in the future will get through.
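The exact-match point raised in the comments above, as an added example that is not part of any poster's comment: a hosts file maps individual host names and has no wildcard syntax, so each name has to be listed. The sketch below models that lookup over a constructed hosts file and the host names quoted in the thread; the function names are hypothetical, and keeping the first entry for a name is an assumption of this model.

```python
# Added example: model exact-match hosts-file lookup on constructed input.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   burstabit.com    # the single line suggested in the thread
"""

# Host names quoted in the comment above, used here as lookup samples.
OBSERVED = [
    "burstabit.com", "www.burstabit.com", "www1.burstabit.com",
    "www2.burstabit.com", "ads.burstabit.com",
]

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Each line is 'address name [alias ...]'; '#' starts a comment.
    Names are compared case-insensitively; the first entry is kept.
    """
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower().rstrip("."), address)
    return table

def coverage(hosts_text, names):
    """Split names into (overridden_by_hosts, still_resolved_by_dns)."""
    table = parse_hosts(hosts_text)
    hit, miss = [], []
    for name in names:
        key = name.lower().rstrip(".")
        (hit if key in table else miss).append(name)
    return hit, miss

def missing_lines(hosts_text, names, sink="127.0.0.1"):
    """Hosts lines that would have to be added to cover every name."""
    _, miss = coverage(hosts_text, names)
    return [f"{sink} {name}" for name in miss]

if __name__ == "__main__":
    hit, miss = coverage(SAMPLE_HOSTS, OBSERVED)
    print("overridden:", hit)
    print("still resolved normally:", miss)
    print("\n".join(missing_lines(SAMPLE_HOSTS, OBSERVED)))
```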

Re:What OS? (1)

Directrix1 (157787) | more than 11 years ago | (#4955988)

This could very well be a virus which utilized one of the many zillions of ways to exploit Internet Explorer. My parents had a rogue web page install another JavaScript time-triggered web page into the registry to start at boot, and bring up ads at random intervals.

Re:What OS? (0)

Anonymous Coward | more than 11 years ago | (#4956554)

Your parents did that? That's so evil. They must really hate you.

Re:What OS? (0)

Anonymous Coward | more than 11 years ago | (#4955255)

Unfortunately, following your advice will result in continued pop-ups that have no content.

That's just as irritating to most people.

Browser Help Object (5, Informative)

TheSHAD0W (258774) | more than 11 years ago | (#4955107)

Aside from the program folder, a lot of spyware hides in the list of Browser Help Objects. Do a net search for "BHO Cop". (That utility, by PC Magazine, was withdrawn from general distribution, but can be found here and there, and there are other utilities that do the same thing.)

Re:Browser Help Object (4, Informative)

TheSHAD0W (258774) | more than 11 years ago | (#4955160)

Here's a page at spywareinfo.com [spywareinfo.com] with a number of utilities for cleaning up Browser Help Objects and other forms of spyware. I recommend it.

Re:Browser Help Object (1)

thor (3901) | more than 11 years ago | (#4955430)


bhocop.zip [zdnet.com]

thor

Easy Removal (0)

Anonymous Coward | more than 11 years ago | (#4955117)

c:\>format c:

Re:Easy Removal (0)

Anonymous Coward | more than 11 years ago | (#4955204)

# mkreiserfs /dev/hda1

Known Issue (0, Flamebait)

Anonymous Coward | more than 11 years ago | (#4955128)


Microsoft have acknowledged the problem with removing certain types of crap software. Check out this knowledgebase article [microsoft.com] to solve the problem.

Re:Known Issue (0)

Anonymous Coward | more than 11 years ago | (#4955225)

worse than a goatse.cx link.h

Bravo... (0)

Anonymous Coward | more than 11 years ago | (#4955452)

Very funny. Merry Christmas to you sir!

Registry (1)

schmink182 (540768) | more than 11 years ago | (#4955158)

Assuming you're running Windows, I'd just run regedit and search for burstabit. Delete everything that comes up, unless you can find a compelling reason not to.

What burstabit.com domain? (0)

Anonymous Coward | more than 11 years ago | (#4955159)

Funny, I can't seem to find one. Hmm.

Re:What burstabit.com domain? (1)

Stinson (564450) | more than 11 years ago | (#4955257)

Domain Name: BURSTABIT.COM
Registrar: TLDS, INC. DBA SRSPLUS
Whois Server: whois.srsplus.com
Referral URL: http://www.srsplus.com
Name Server: NS1.I-HOSTDNS.COM
Name Server: NS2.I-HOSTDNS.COM
Updated Date: 10-dec-2002

>>> Last update of whois database: Tue, 24 Dec 2002 17:05:11 EST

...That domain

Re:What burstabit.com domain? (0)

Anonymous Coward | more than 11 years ago | (#4955272)

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: BURSTABIT.COM
Registrar: TLDS, INC. DBA SRSPLUS
Whois Server: whois.srsplus.com
Referral URL: http://www.srsplus.com
Name Server: NS1.I-HOSTDNS.COM
Name Server: NS2.I-HOSTDNS.COM
Updated Date: 10-dec-2002

>>> Last update of whois database: Tue, 24 Dec 2002 17:05:11 EST

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

Found InterNIC referral to whois.srsplus.com.

burstabit.com

Registrant:
Domain Admin (postmaster@email-junction.com)
96 Maine Street PNB 221
Brunswick, ME 04011-2013
US
1-781-658-2354

Domain Name: burstabit.com

Administrative, Technical, Billing Contact:
Domain Admin (postmaster@email-junction.com)
96 Maine Street PNB 221
Brunswick, ME 04011-2013
US
1-781-658-2354

Record created on Oct 30 2002.
Record expires on Oct 30 2003.
Domain servers:
ns1.i-hostdns.com
ns2.i-hostdns.com

You have used the whois service 3 / 20

Too bad... (2)

sporty (27564) | more than 11 years ago | (#4955165)

Too bad you didn't make the offending domain a hyperlink. I'm sure they would have loved the slashdotting. Think of the irony of it. You can't use your parents' computer because of burstabit, but burstabit couldn't use their own servers because of you :)

Yes, might doesn't make right.. blah blah blah, but three lefts do. :P

Re:Too bad... (0)

Anonymous Coward | more than 11 years ago | (#4955181)

I'm getting domain not found anyway.

Re:Too bad... (0)

zonker (1158) | more than 11 years ago | (#4959549)

yeah, or give them free advertising...

not everyone that reads /. has everyone's best interests in mind...

HOSTS file (1)

phreaknb (611492) | more than 11 years ago | (#4955178)

Try adding the domain to the HOSTS file, do a search and you will find it. Add something like this:
127.0.0.1 burstabit.com

Get Spybot (2, Informative)

Anonymous Coward | more than 11 years ago | (#4955240)

Ad-Aware hasn't updated their reference files since late September. Do yourself a favor and grab Spybot [http://security.kolla.de/].

Check the registry (3, Informative)

Ziktar (196669) | more than 11 years ago | (#4955244)

I'd use BHO Cop as suggested in a previous post, but more than likely it's just in one of the Run keys in the registry. You can either launch regedit and browse to the run keys, or use msconfig's startup tab to delete all the unnecessary crap.

The one that annoyed me (0)

Terminus0 (266721) | more than 11 years ago | (#4955289)

I started using a new computer at work that various people had used before me, but there didn't appear to be much spyware on it.
At least, until I opened IE. The first URL I type in that is a typo, I get sent to something at www.lop.com or something like that which brings up pop-ups.
Every single time I mis-type a url, bam, pop-ups. It was the single most annoying thing I ever used. After a week of this, I formatted the computer.

Re:The one that annoyed me (3, Informative)

einTier (33752) | more than 11 years ago | (#4956324)

I've used a computer 'infected' with lop.com [lop.com] . One of the worst things I've ever seen. I couldn't figure out how to get rid of it either, I had to eventually just format the thing and just start over.


Tons of pop-ups, a lot of mis-redirection back to lop.com (like trying to go to google.com), and all kinds of "helper" lop.com applications. I'd love to know how to get rid of it if I ever run across it again.

Re:The one that annoyed me (1)

AnotherShep (599837) | more than 11 years ago | (#4956440)

http://lop.com/help.html#uninstall

Re:The one that annoyed me (3, Informative)

babbage (61057) | more than 11 years ago | (#4957265)

Unfortunately, considering the ways these spyware programs are written, their "official" uninstall instructions are unlikely to be enough. What to do? Google to the rescue! Their new webquotes beta service -- which shows you [a] the URL it thinks you're looking for, and [b] *what other pages say about that URL* -- is exactly what you need here [google.com] . Follow that link and you'll find several explanations of how Lop works & how to remove it, and you don't have to take their "official" word for it.

Google rules. Well, usually -- they're not turning up any hits for Burstabit yet, though I'm sure this article will itself become part of their index before too long. Not that that Google reference helps the person who submitted this story in the first place...

Careful clicking on that link (2)

Moses Lawn (201138) | more than 11 years ago | (#4957985)

God DAMN that's nasty. I'd forgotten I'd enabled popups. That hit me with 8 or 9 copies before I could hit escape.

What do they do - put newWindow(this) in the onLoad handler? (Note: preceding was not necessarily valid, or even, reasonable, Javascript)

Tsk-tsk (3, Funny)

MacAndrew (463832) | more than 11 years ago | (#4955295)

Is this really how your parents are making you spend your vacation? ;-)

Curiosity: Did your parents sign off on the installation of all of the spyware? If so, why, if not, how did it arrive?

Happy Hunting -- and Holidays.

Re:Tsk-tsk (1)

Big Sean O (317186) | more than 11 years ago | (#4955441)

The usual way...

His Mom or Dad saw a nifty program, downloaded it and blindly clicked through the install screens which added the nasty spyware.

Thank god my mom got a macintosh. None of that crap was ever written for OS9, and now, thanks to OSX, it never will be.

Last Christmas I installed her printer. Talk about a breeze...

Re:Tsk-tsk (1)

MacAndrew (463832) | more than 11 years ago | (#4955499)

You know, I am so darn tired of you Mac nuts.

Oh wait, I own three of them. I guess I am one. ;-)

Re:Tsk-tsk (1)

Directrix1 (157787) | more than 11 years ago | (#4955994)

Shut up, macs are just as susceptible to spyware.

Switch them to Linux. (1, Offtopic)

Mordant (138460) | more than 11 years ago | (#4955838)

Then they won't have that problem.

Re:Switch them to Linux. (1)

Takeel (155086) | more than 11 years ago | (#4955864)

"Sooonny! What's a segfault? And what's a root?"

Re:Switch them to Linux. (0)

Anonymous Coward | more than 11 years ago | (#4955880)

Mom! You should know what a root is, oh I was adopted, nice to tell me that for Christmas.

Re:Switch them to Linux. (1)

zentex (176409) | more than 11 years ago | (#4955877)

Then they won't have that problem.

and they won't have a computer usable by them either. are *you* gonna take their calls day in and day out? when you're trying to work/study/mac on a chick?

Linux is not for parents or your grandma. Apples or windows are more suited for them. Linux is for you (not for me; i'll stick with BSD).

when will you people learn this? and the REAL statistics of TCO/TCA that accompanies OSS (ANY flavour)

regedit (2)

Gothmolly (148874) | more than 11 years ago | (#4960719)

It's easy on a Win box. Run regedit (or equivalent) and look for the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and see what gets kicked off when the system starts. Delete the entries you don't want. Done.

Moderation Totals: +3, Obvious
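The Run-key review suggested in the comments above (and the regedit keyword search suggested earlier in the thread), as an added example that is not part of any poster's comment: it lists the Run and RunOnce values for the machine and the current user and flags those mentioning a keyword. The function names are hypothetical, and the sample entries, including the "BurstaBit" path, are constructed for illustration and are not actual file names from the page.

```python
# Added example: list Run/RunOnce startup entries and flag keyword matches.
RUN_KEYS = [  # per-machine and per-user startup keys
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKEY_CURRENT_USER", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_CURRENT_USER", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
]

def read_run_entries():
    """Return [(key_path, value_name, command)] from the live registry (Windows only)."""
    import winreg  # imported here so the rest of the module loads on any OS
    found = []
    for hive, sub in RUN_KEYS:
        try:
            with winreg.OpenKey(getattr(winreg, hive), sub) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _type = winreg.EnumValue(key, i)
                    found.append((f"{hive}\\{sub}", name, str(data)))
        except OSError:
            continue  # key absent or not readable for this user
    return found

def executable_of(command):
    """Best-effort program path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def flag_entries(entries, keyword):
    """Entries whose value name or command contains keyword, case-insensitively."""
    k = keyword.lower()
    return [(path, name, executable_of(cmd))
            for path, name, cmd in entries
            if k in name.lower() or k in cmd.lower()]

# Constructed sample entries; names and paths are made up for illustration.
SAMPLE = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "SystemTray", r"C:\WINDOWS\SYSTEM\systray.exe"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "Updater", r'"C:\Program Files\BurstaBit\bb.exe" /quiet'),
]

if __name__ == "__main__":
    import sys
    entries = read_run_entries() if sys.platform == "win32" else SAMPLE
    for path, name, exe in flag_entries(entries, "burstabit"):
        print(f"{path}\n    {name} -> {exe}")
```

The script only reads and reports; removing a flagged value is still done by hand in regedit or msconfig, after checking what the listed program is.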

the quickest surest way (2)

/dev/trash (182850) | more than 11 years ago | (#4961273)

Backup. Fdisk. Reinstall.